“State of the art” Software Modeling
Tony Elliston
SIGADA 2004, Atlanta
TNI Europe Limited
• Market our own software modelling tools:
  – CP-Hood and Stood.
• Distributor for TNI Software range of products.
TNI Europe
2004 Acquisition of Stood from TNI-Valiosys
Office in Brest (F)
2000 Created near Manchester (UK)
Acquisition of CP-HOOD from Critical Path
2001
Release of Stood 5.0
Reqtify
A light and powerful solution for requirements traceability
Requirements Traceability
For a given process, evolutions and modifications can be necessary at each step, and the impact must be analysed before a decision is made.
[Diagram: development process leading from Need to Solution. Step labels: User Reqs, System Analysis, Design, Implement., Unit Tests, Integration, Final Acc.]
Easy to integrate
A non-intrusive approach:
- No modification of your development and configuration management process.
- Reqtify can even be used on projects already started!
Traceability during the whole process (text tools, analysis and modelling tools, code, …)
Qualified DO-178B as a verification tool for A380, complies with DO-254 and other standards.
Simple user interface allowing powerful navigation in the traceability graph
Immediate ROI
A minimal investment:
- Easy to handle, very short training course
- No need for database administration
- A floating licence
- Windows/UNIX interoperability
A small investment in Reqtify and training can provide a truly extraordinary payback even on the first project.
Documentation generation
Documents generated:
• Traceability matrix
• Upstream and downstream impact analysis
• Project description
• Synthesis of added information
• User defined templates...
Generated formats:
• RTF (Word)
• PDF
• HTML
• LaTeX
• TPS (InterLeaf)
• MIF (FrameMaker)
• ASCII
• Text only
Reqtify coupling capabilities
• Office tools: Word, Excel, Access, Powerpoint, PDF, Text, Framemaker (Win & UNIX), Interleaf, Quicksilver, MS Project.
• UML tools: Rhapsody, Rose, Objecteering.
• Modeling tools: Stood, CP-Hood, Simulink, Statemate, Scade, RTBuilder, System Architect, Matlab.
• Code files: C, Ada, SDL, VHDL, Verilog, Matlab (.m) files, Test Script, Test log, all ASCII files.
• Configuration Management: Clearcase, CVS, PVCS.
• Hardware design tools: VisualElite, VNCover.
• Requirements Management Tools: Doors, Requisite Pro.
New tools are easy to integrate
Who uses Reqtify?
• AIRBUS for A340 and A380 software and avionics
  Corporate agreement
• MBDA for missile software developments
• EUROCOPTER for the Australian TIGER helicopter
• CNES (French space agency) for Satellite projects
• ALCATEL Space for Satellite ground projects
• THALES across a number of divisions and projects, both in France and the UK
  Corporate agreement
• Siemens VDO: Automotive computers
• ALSTOM: Singapore & Lausanne metros, …
Stood 5
www.tni-world.com
Stood
[Diagram: Stood positioned in the software life cycle. Phase labels: Software Requirements Analysis, Software Design, Software Coding, Software Unit Testing, Software Functional Testing]
• An industrial software design tool
• Already deployed & supported on many critical projects (DO-178B, ECSS-E40, MIL-STD-498)
• UML 2.0 front end & AADL plug-in
Background
[Timeline diagram. Labels:]
- HOOD 1.0 (1987), HOOD 3.0 (1989), HOOD 3.1 (1992), HRT-HOOD (1995), HOOD 4.0 (1995)
- Ada 83, Ada 95, Ada 0y
- OMT (1991), UML 1.1 (1997), UML 1.4 (2001), UML 2.0 (2004?)
- metaH (1993), AADL 1.0 (Sept 2004)
- Cotre
- Stood, Stood 5.0
In line with current trends
• promotes Model Driven Engineering: « designing before coding »
  - advanced modeling solution
  - model transformations
• promotes Component Based Architectures to ease:
  - team development
  - reuse
  - testing
  - maintenance
• promotes flexible Software Design practices:
  - incremental documentation
  - incremental coding and round-trip engineering
  - incremental requirements traceability
  - extensive tool customization capabilities
Tool overview
[Architecture diagram. Labels:]
- Core: GUI, DataBase, kernel, plugins
- Input: SW Requirements, Ada legacy code, C legacy code
- Output: Req. Traceability, Verification reports; Source files (Ada 95, Ada Ravenscar, C/C++); Documentation (PostScript, PDF, Word, FrameMaker, HTML)
- Interchange and model transformation: AADL, XML/SIF
- Conf. Management
Model transformations
[Diagram. Labels: Stood, SIF file, transformation engine (shown twice), Generation Predicates, Generation Rules, other language, analyser, Reverse Predicates, Reverse Rules, Stood Plugins, Stood Components repository, other Components repository]
Formal transformation rules
example: AADL generator

• AADL definition:

    component_type_extension ::=
        component_category defining_component_type_identifier
        extends unique_component_type_identifier
        [ features ( { feature | feature_refinement }+ | none_statement ) ]
        [ flows ( { flow_spec | flow_spec_refinement }+ | none_statement ) ]
        [ properties ( { component_type_property_association }+ | none_statement ) ]
        { annex_subclause }*
        end defining_component_type_identifier ;

• Corresponding code generation rule in Prolog:

    genComponentType(X,C,I,P) :-
        % header line: category, identifier, optional extension clause
        indent(I), write(C), sp, write(X), opt_EXTENSION(X,C), nl,
        % optional features, flows, properties and annex sections
        opt_FEATURES(X,I,P), opt_FLOWSPEC(X,I),
        opt_TYPPROPERTIES(X,I), opt_ANNEXES(X,I),
        % closing END line
        indent(I), write('END '), write(X), sc, nl, nl.
What is a Component?
• UML 2.0 (final adopted specification)
« A component can always be considered an autonomous unit within a system or subsystem. It has one or more provided and required interfaces (...), and its internals are hidden and inaccessible other than as provided by its interfaces. Although it may be dependent on other elements in terms of interfaces that are required, a component is encapsulated and its dependencies are designed such that it can be treated as independently as possible. »
• AADL 1.0 (AS5506)
« A component represents some hardware or software entity that is part of a system being modeled in AADL. A component has a component type, which defines a functional interface. The component type acts as the specification of a component that other components can operate against. (...) A component has zero or more component implementations. A component implementation specifies an internal structure for a component as an assembly of subcomponents. »
• HOOD (HRM 4)
« A HOOD object is thus a software module specification, being primarily an encapsulation of services provided to other client software. (...) An object has a visible part (the interface), and a hidden part (the internals) which cannot be accessed directly by external objects. (...) The interface part defines the services (...) provided by the object, as well as the services required from other objects. »
Why AADL?
• AADL is System oriented and can be used in the early phases of a project.
• It complements and easily interacts with the UML 2.0 / HOOD Software modeling approach.
• It may become an efficient communication medium all along the project lifecycle.
• It is already supported by the industry of critical systems in the USA and in Europe.
• It brings a default predefined behavioural semantics to real-time components.
• It can be used at System level for simulation.
• It can be used at Software level for advanced real-time code generation.
• It offers wide extension mechanisms:
  - Property_sets and Annexes
  - Already used by the COTRE (ending) and ASSERT (starting) projects
Graphical notations
[Diagram: the same design drawn in UML 2.0 and in HOOD notation, showing ProvidedInterface and RequiredInterface symbols. Component labels: AcquireData, File, ProcessData, DataBase]
Note: an annex of the AADL standard also defines a specific graphical notation.
STOOD 5 Summary
UML gives the general background:
  What is a component?
+
AADL brings precise semantics for real-time components:
  What is the behaviour of a periodic thread?
+
HOOD offers a well structured process to build the system:
  How do I define and assemble my components?
=
Stood provides the appropriate framework to support all that in the context of real industrial projects:
- productivity: distributed development, reuse of legacy data, code generation
- quality: verifications, documentation, certification issues
Features summary 1/2
Support of the Software Design activities

Architectural Design
- components based approach with black-box and white-box views
- UML 2.0 graphical notation
- AADL import/export
- support of HOOD and HRT-HOOD methodology
- built-in real-time model

Detailed Design & Coding
- customizable structured detailed design framework
- incremental documentation
- incremental coding and round-trip engineering
- incremental requirements coverage
- legacy Ada and C code reverse engineering

Verifications
- cross references table
- automatic calculation of the required interfaces
- automatic generation of call trees and dataflow graphs
- real-time schedulability analysis
- requirements traceability matrix
- design rules checker
- design metrics
Features summary 2/2
Workflow Integration

Project management
- full Windows-Unix interoperability
- network distributed project bases
- integrated interface to remote Configuration Management Systems
- multi user management at system and subsystem level
- SIF and XML design model interchange

Requirements traceability
- import of high level requirements
- incremental requirements coverage
- management of the derived requirements
- bidirectional interface with Reqtify™

Code & Doc generators
- Ada95
- C/C++
- HTML
- PostScript/PDF
- RTF (Word™)
- MIF (FrameMaker™)

Compliance with Standards
- DO-178B for embedded avionics
- ECSS-E40 for space systems
- EN-50128 for railways
- MIL-STD-498 for military